Apple's latest macOS Catalina update mysteriously borks SSH for some unlucky fans. What could be the cause?

Connecting to a port greater than 8192 using a hostname now stalls, possibly

Updated Apple's latest update to macOS Catalina appears to have broken SSH for some users.

Developer Tyler Hall published a blog post on Monday detailing the issue, but removed it after his writeup got noticed.

The issue is that under Apple's macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a port greater than 8192 using a server name, rather than an IP address, no longer works – for some users at least. SSH is a Swiss army knife that can be used to securely connect to remote machines to run commands, transfer files and other data, and so on.

The Register asked Hall to elaborate on his findings but he declined, citing the possibility that the problem might be particular to his set up rather than a bug in the software Apple shipped.

Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?

Hall demonstrated similar post-publication remorse this last October when he criticized the code quality of macOS Catalina, comparing it to Windows Vista. That sentiment is shared among many other macOS users (eg: "macOS 10.15 is chockablock with paper-cut bugs" – John Gruber). But the responses Hall received from friends within Apple led him to regret that post, too.

We asked Apple to comment but we've received no reply. Cupertino seldom addresses public criticism. Until June 2016, Apple even implied in its App Store Review Guidelines that it would look unfavorably on developers who complain publicly about rejected apps. Up to that point, its policy said, "If you run to the press and trash us, it never helps."

The US government's renewed antitrust scrutiny of companies like Amazon, Apple, Facebook, and Google in recent years has perhaps encouraged more caution in publicly declared tech platform policies.

The issue that Hall reported has been noted by others. A post two days ago on Apple's discussion forum complains, "After that update I am no longer able to open a SSH connection to a port greater than 8192 using server name (instead of IP)." And three discussion participants claim they too have experienced the same issue.

One of these individuals, posting under the user name "webdeck," filed a bug port in Open Radar, a public iOS and macOS bug reporting site created by developer Tim Burks because Apple hides its Radar bug reporting system from the public.

The bug report reads, "/usr/bin/ssh in macos 10.15.4 hangs if used with the -p flag to specify an alternate port and used with a hostname. This was not present in macOS 10.15.3."

There's reason to believe, however, that not all those using SSH to connect to ports greater than 8192 using a host name have experienced problems. In the Hacker News discussion, several participants report being unable to reproduce the reported bug. That suggests the interplay of other software, like package manager Homebrew, or specific configuration settings may be relevant.

If this is a bug in Apple's software, perhaps it will be fixed in macOS 10.15.5, the beta version of which was just seeded to developers. And if Apple was more transparent about the bugs it's aware of, we might understand what's going on. ®

Updated to add

Judging from Open Radar, it appears the problem is caused if you have a proxy configured. Disabling Auto Proxy Discovery, for instance, lets SSH work as normal, and re-enabling it breaks the software.

Editor's note: We're happy to clarify that Hall did not remove his October 7, 2019 post about macOS Catalina as first reported. It was merely unavailable at the time we checked. Hall has also restored the SSH post he removed previously.